12/20/2017

5 Attacks Targeted to Hit Your Inbox and How to Protect Against Them

Email is a top target of hackers. To better protect your organization, it’s important to understand what email threats you are up against today.

In a recent webinar, our data security experts sat down with cybersecurity expert David Bisson, associate editor at Tripwire’s The State of Security, to discuss today’s evolving threat landscape and the best practices that organizations can use to fortify their sensitive email data.

What Organizations Face Today

Malware: Users are twice as likely to encounter malware through email as through exploit kits that rely on software vulnerabilities. The recent Locky attack mimicked automated emails from printing devices and tricked users into downloading corrupt .zip files. The malware eventually encrypted sensitive information and demanded a ransom to return it. Over 23 million emails infected with the Locky malware were sent out in one 24-hour period.

BEC Scams: In a business email compromise (BEC) scam, someone imitates an executive or associate and makes fraudulent requests for information or funds. In one example, a Nigerian BEC scam targeted industrial firms using official-looking .pdf files that contained malware capable of enabling remote access. The scammers used this capability to access company documents, hijack official email accounts to request wire transfers, and gain access to websites to host malware. Overall, estimates suggest that 8,000 companies a month are targeted by BEC scams, and going back as far as 2013, these scams cumulatively cost companies $5.3 billion.

Phishing: This threat encompasses a range of attacks that include broad-based phishing schemes, more targeted spear-phishing schemes, and more personalized catphishing schemes. And now that botnets can handle the heavy lifting of phishing, the scope of these attacks is greater than ever: Up to 93 percent of all ransomware attacks begin with a phishing email. Moreover, these attacks may not directly target the inbox, but by understanding some common user habits, hackers can utilize phishing to indirectly gain access to a user’s inbox. For instance, when users share passwords for both Netflix and email accounts, fake emails designed to steal Netflix credentials can give hackers access to official inboxes.

Man-in-the-Middle Attacks: It’s possible for hackers to insert themselves into email communication channels and intercept messages containing passwords, private communications, and sensitive data. Key Reinstallation Attacks (KRACK) are able to exploit 10 common vulnerabilities in Wi-Fi-enabled devices and either steal data transfers or inject malware into the network. And while there are some limitations to these types of attacks, their consequence is immediate and intense.

Zero-Day Exploits: Major vulnerabilities that exist in software are relatively easy to exploit through email. A flaw in Adobe Flash Player prompted the company to release an urgent patch, but zero-day exploits of that flaw surged before most users installed the fix. Organizations in the public sector and the aerospace industry were the hardest hit, illustrating that no organization is immune to attack.

What Organizations Can Do to Protect Themselves

Each one of these attacks has multiple iterations and technical infrastructures, meaning that the email inbox is bombarded with substantial and diverse threats on a daily basis. Because of this, organizations that try to approach the cyberthreat landscape with a singular security strategy are the ones that will be rendered most vulnerable.

Ultimately, companies need to focus on developing cybersecurity practices that are comprehensive — ones that involve both technical and nontechnical solutions. Training and educating users is the essential first step, but there must be multiple lines of defense after that. Layers of filtering, for instance, should be able to detect the schemes outlined above and safely quarantine malicious emails without affecting legitimate emails or disrupting operations.

Applying protection automatically to outbound communications is also essential. ZixEncrypt, for instance, uses policies to determine whether emails should be encrypted, alleviating stress for employees and providing peace of mind for security and management teams. ZixEncrypt then uses the Best Method of Delivery to automatically send the encrypted email using the most convenient and secure mechanism possible.

This multi-layered approach is the only way that organizations can achieve 360-degree security across the threat landscape, especially with so many red flags to consider and defend against.